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Intellectual Property Rights 



IPRs essential or potentially essential to the present document may have been declared to ETSI. The information 
pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found 
in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in 
respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web 
server ( http://webapp.etsi.org/IPR/home.asp ). 

Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee 
can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web 
server) which are, or may be, or may become, essential to the present document. 



Foreword 



This Technical Specification (TS) has been produced by ETSI Technical Committee Electronic Signatures and 
Infrastructures (ESI). 



Introduction 



TS 101 903 [1] (XAdES henceforth) specifies formats for Advanced Electronic Signatures built on XML SIG [2]. That 
document defines a number of signed and unsigned optional signature attributes, resulting in support for a number of 
variations in the signature contents and powerful processing requirements. 

In order to maximise interoperability in communities applying XAdES to particular environments it is necessary to 
identify a common set of options that are appropriate to that environment. Such a selection is commonly called a 
profile. 

The present document defines three profiles that minimise the differences between implementations and so maximise 
interoperability. The two first profiles are suitable for specific business areas, namely e-Invoicing and e-Govemment, 
respectively. The third profile provides a baseline for other application areas. 

Profiles specified in clauses 5, 6 and 7 are based on the actual usage of the XML SIG [2] and XAdES [1] options, as 
emerged from a survey conducted by ETSI over a substantial number of prominent European actors in the electronic 
signature domain. 

Therefore the following provisions represent a general consensus of the use of these standards and hence provide a 
reliable basis for maximising interoperability. Nevertheless, in particular business areas and niches there may be 
specific needs and/or regulations that may require variations to these profiles. 
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Scope 



The present document profiles the use of TS 101 903 (XAdES) [1] signatures, based on XML SIG [2] for its use within 
the following specific environments as follows: 

• e-Invoicing area. 

• e-government area. 

• a baseline for other application areas. 

These profiles do not repeat the base requirements of the referenced standards, but their aim is to maximise 
interoperability of XML-based advanced electronic signatures in the e-Invoicing and e-Government business areas. In 
addition to that, the baseline profile is given as basis for interoperability profiles in other application areas. 

Optional elements defined in XAdES [1] but not specified in the current document are treated as optional for both 
generator and verifiers. 



References 



The following documents contain provisions which, through reference in this text, constitute provisions of the present 
document. 

• References are either specific (identified by date of publication and/or edition number or version number) or 
non-specific. 

• For a specific reference, subsequent revisions do not apply. 

• For a non-specific reference, the latest version applies. 

Referenced documents which are not found to be publicly available in the expected location might be found at 
http://docbox.etsi.org/Reference . 

NOTE: While any hyperlinks included in this clause were vaUd at the time of publication ETSI cannot guarantee 
their long term validity. 



[1] 

[2] 
[3] 

[4] 

[5] 
NOTE: 

[6] 

[7] 

[8] 



ETSITS 101 903: "XML Advanced Electronic Signatures (XAdES)". 

W3C-IETF: "XML-Signature Syntax and Processing", W3C Recommendation, February 2002. 

ITU-T Recommendation X.509 / ISO/IEC 9594-8: "Information technology - Open Systems 
Interconnection - The Directory: Public -key and attribute certificate frameworks". 

IETF RFC 3280: "Internet X.509 PubUc Key Infrastructure Certificate and Certificate Revocation 
List (CRL) Profile". 

CEN Workshop Agreement 15579 (2006): "E-invoices and digital signatures". 

As a fault has been identified in the 2006 version CWA 15579, it will be updated soon after 
publication of the present document. Implementations should refer to this revised version. 

IETF RFC 2560: "X.509 Internet Public Key Infrastructure Onhne Certificate Status Protocol - 
OCSP". 

ETSI TS 102 176-1 (Vl.2.1): "Electronic Signatures and Infrasti-uctures (ESI); Algorithms and 
Parameters for Secure Electronic Signatures; Part 1: Hash functions and asymmetric algorithms". 

CEN Workshop Agreement 14171 (2004): "General guidelines for electronic signature 
verification" . 
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Definitions and abbreviations 



3.1 Definitions 

For the purposes of the present document, the following terms and definitions apply: 

generator: any party which creates, or adds attributes to, a signature 

NOTE: This may be the signatory or any party which initially verifies or further maintains the signature. 

long term signatures: signatures that are expected to be verified beyond the signers' certificate expiration date and, 
possibly, even after the expiration date of the certificate of the signers' certificate-issuing CA 

NOTE: Refer to CWA 14171 [8], clause 5.1. 
protocol element: element of the protocol which may be including data elements and / or elements of procedure 
service element: element of service that may be provided using one or more protocol elements 

NOTE: All alternative protocol elements provide an equivalent service to the users of the protocol. 

short term signatures: signatures that are to be verified for a period of time that does not go beyond the signers' 
certificate expiration date 

NOTE: Refer to CWA 14171 [8], clause 5.1. 

verifier: entity that validates or verifies an electronic signature 

The present document makes use of certain key words to signify requirements. Below follows their definitions: 

may: Means that a course of action is permissible within the limits of the present document. 

shall: Means that the definition is an absolute requirement of the present document. It has to strictly be followed in 
order to conform to the present document. 

should: Means that among several possibilities one is recommended as particularly suitable, without mentioning or 
excluding others, or that a certain course of action is preferred but not necessarily required. Implementers may know 
valid reasons in particular circumstances to ignore this recommendation, but the full implications must be understood 
and carefully weighed before choosing a different course. 

3.2 Abbreviations 

For the purposes of the present document, the following abbreviations apply: 

CA Certification Authority 

CEN European Committee for standardization 

CRL Certificate Revocation List 

CWA CEN Workshop Agreement 

OCSP Online Certificate Status Protocol 

TSP Trusted Service Providers 

TST Time-Stamp Token 

XAdES XML Advanced Electronic Signatures 

NOTE: As per TS 101 903 [1]. 

XML extensible Markup Language 

XML SIG extensible Markup Language digital SIGnature 

NOTE: As per W3C/IETF recommendation referenced in [2]. 



£75/ 



ETSI TS 102 904 V1 .1 .1 (2007-02) 



4 General requirements 

4.1 Algorithm requirements 

Implementers are strongly recommended to take into account TS 102 176-1 [7] when selecting algorithms and key 
lengths. 



4.2 Compliance requirements 



Profiles in the present document define separated requirements for both generator and verifier of XAdES signatures. 
Requirements are grouped in four different categories, each one having its corresponding identifier. Table 1 defines 
these categories and their identifiers. 

Table 1 : Requirement categories 



Identifier 


Requirement on generator 


Requirement on verifier 


IVI 


Generator shall include the element in 
the signature. 


Verifier shall process the element. 


R 


Generator should include the element in 
the signature. 


Verifier shall process the element if present. 





Generator may include the element in 
the signature. 


Verifier may either process or ignore this element 
and process the rest of the signature. 



Clauses 5 to 7 specify additional requirements on signature formats that must be taken into account along with those 
ones already present in TS 101 903 (XAdES) [1] and XML SIG [2]. 

Systems claiming to support the XAdES profile for e-Invoicing shall be compliant with requirements in clauses 5.1, 5.2, 
5.3 and 5.5. Systems claiming to support the XAdES profile for e-In voicing with support for long term signatures shall 
also be compliant with requirements in clause 5.4. 

Systems claiming to support the XAdES profile for e-Government shall be compliant with requirements in clauses 6.1, 
6.2, 6.3 and 6.5. Systems claiming to support the XAdES profile for e-Government with support for long term 
signatures shall also be compliant with requirements in clause 6.4. 

Systems claiming to support the baseline XAdES profile shall be compliant with requirements in clauses 7.1, 7.2, 7.3 
and 7.5. Systems claiming to support the baseline XAdES profile with support for long term signatures shall also be 
compliant with requirements in clause 7.4. 

Optional elements defined in XAdES [1] but not specified in the current document are treated as "O" as above 
for both generator and verifiers. In certain cases, elements are included marked with an "O" for both generator and 
verifier to bring the readers" attention to the fact that it is optional. 

Certain service elements may be provided by different protocol elements at user's choice. In these cases the semantics of 
M, R and O defined in the table above depend on the requirement for the service element itself. Tables 2 to 4 (each one 
applies to a different requirement on the service element) define these semantics. 

Table 2: Requirements for mandatory service with choices 



Requirement Identifier 
for the Service / 
Protocol element 


Requirement on generator 


Requirement on verifier 


Service = M 


Generator shall provide the service by including one 
protocol element chosen from the list of choices. 


Verifiers shall be able to process at 
least one of the protocol elements in 
the list of choices. 


Protocol Choice = R 


Generator should use this protocol element for 
providing the mandatory service element. 


Verifiers shall process this protocol 
element if present. 


Protocol Choice = 


Generator may use this protocol element for 
providing the mandatory service elements. 


Verifiers may ignore this protocol 
element. 
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Table 3: Requirements for recommended service withi chioices 



Requirement Identifier 
for the Service / 
Protocol element 


Requirement on generator 


Requirement on verifier 


Service = R 


Generator should provide the service by including 
one protocol element chosen from the list of 
choices. 


Verifiers shall be able to process at 
least one of the protocol elements in 
the list of choices. 


Protocol Choice = R 


If the generator decides to provide the service, then 
she should use this protocol element. 


Verifiers shall process this protocol 
element if present. 


Protocol Choice = 


Generator may use this protocol element for 
providing the service elements. 


Verifiers may ignore this protocol 
element. 



Table 4: Requirements for optional service with choices 



Requirement Identifier 
for the Service / 
Protocol element 



Requirement on generator 



Requirement on verifier 



Service = O 



Generator may provide the service by including one 
protocol element chosen from the list of choices. 



Verifiers may ignore protocol elements 
providing this service. 



Protocol Choice = R 



If the generator decides to provide the service, then 
she should use this protocol element. 



If the generator decides to provide the service, then 
she may use this protocol element. 



If supporting this service verifiers shall 
process this protocol element if 
present. 



Protocol Choice = O 



Verifiers may ignore this protocol 
element. 



The present document shows new requirements for each service and protocol element in tabular form. Below follows 
the structure of the table. 

Table 5: Requirements for optional service with choices 



Service / Protocol 
element 


Reference 


Requirement on 
generator 


Requirement on 
verifier 


Notes / Additional 
requirements 


Service: 










Choice 1 










Choice 2 











Column Service / Protocol element will identify the service element or protocol element the requirement applies to. 
Service elements that may be implemented by different protocol elements (i.e. users may make a choice on several 
protocol elements) build tables with more than one row. 

Column Reference will reference the relevant clause of the standard where the element is first defined. The reference is 
to XAdES [1], except where explicitly indicated otherwise. 

Column Requirement on generator will contain an identifier of the requirement, as defined in table 1 , bound to the 
corresponding protocol element for the generator. 

Column Requirement on verifier will contain an identifier, as defined in table 1 , of the requirement bound to the 
corresponding protocol element for the verifier of the signature. 

Column Notes / Additional requirements will contain numbers referencing notes and/or letters referencing additional 
requirements. Both notes and additional requirements are listed below the table. 

Profiles may be affected by applicable regulations; hence implementers should check any national regulation that may 
affect these profiles. 



XAdES profile for e-lnvoicing 



This clause defines a profile for XAdES signatures to be applied to electronic signatures applied on e-Invoices. 
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5.1 



Elements defined in XIVIL SIG 



5.1.1 Placement of the signature 



Table 6 



Service / Protocol 
element 


XML SIG [2] 
reference 


Generator 
requirement 


Verifier 
requirement 


Additional 
requirements / notes 


Service: signature 




M 


M 




Enveloping Signature 


Clause 10.0 





R 




Enveloped Signature 


Clause 10.0 





R 




Detached Signature 


Clause 10.0 





R 





5.2 Profile of elements in Basic XAdES form (XAdES-BES) 
5.2.1 ds:Keylnfo and xades:SigningCertificate 

Table 7 



Service / Protocol element 


Reference 


Generator 
requirement 


Verifier 
requirement 


Additional 

requirements / 

notes 


Service: Identifying signer and validation key and 
securing the signing certificate 




M 


M 




ds:KeyInfo/X50 9Data/X50 9Certificate 
present AND ds : Keyinf o signed by the signature 


XAdES [1], 
clause 4.4.1 


R 


R 




xades : SigningCertif icate present 


XAdES [1], 
clause 7.2.2; 

XMLSig [2], 
clause 4.4.4 





R 


a 



Additional requirement: 

a) The verifier must check that the signing certificate used matches the one referenced within 

xades : SigningCertif icate as specified in XAdES [1]. 



5.2.2 Signing Time 



Table 8 



Service / Protocol 
element 


Reference 


Generator 
requirement 


Verifier 
requirement 


Additional 
requirements / notes 


xades : SigningTime 


Clause 7.2.1 
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5.2.3 Countersignatures 



Table 9 



Service / Protocol element 


Reference 


Generator 
requirement 


Verifier 
requirement 


Additional 

requirements / 

notes 


Service: counter signing 


Clause 7.2.4 








a 


ds: Reference's Type attribute profiled to 

"http://uri.etsi.org/01 903#CountersignedSignature 

in the countersignature 


Clause 
7.2.4.1 








a 


xades : Countersignature 


Clause 
7.2.4.2 








a 



Additional requirement: 

a) Use of countersignatures should be agreed upon in a prior arrangement between the generator and the verifier 
so that the verifier is aware of the presence, number and meaning of the countersignature. 



5.3 



Additional attributes defined in XAdES 



5.3.1 Signature time-stamp / time-mark 

Table 10 



Service / Protocol element 


Reference 


Generator 
requirement 


Verifier 
requirement 


Additional 

requirements / 

notes 


Service: Trusted signing time 




R 


R 




xades : SignatureTimeStamp 


Clause 7.3 


R 


R 




Time-mark 


Clause 4.4.3.1 











NOTE: The signature time-stamp assists in making the difference between valid and invalid electronic signatures 
in case the signer's certificate has been revoked. 

5.4 Additional attributes defined in XAdES for long term 
signatures 

The requirements specified in all 5.4 clauses are only applicable to systems managing long term signatures. Further 
details of procedures for the management of signatures over the long term may be found in CWA 14171 [8], clause 5.1. 



5.4.1 Certificate references 



Table 11 



Service / Protocol element 


Reference 


Generator 
requirement 


Verifier 
requirement 


Additional 

requirements / 

notes 


xades :CompleteCertif icateReferences 


Clause 7.4.1 


R 


R 
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5.4.2 Revocation status references 

Table 12 



Service / Protocol element 


Reference 


Generator 
requirement 


Verifier 
requirement 


Additional 

requirements / 

notes 


Service: complete revocation status references 




R 


R 




xades : CompleteRevocationRef erences / 

CRLRefs 


Clause 7.4.2 





R 


a 


xades : CompleteRevocationRef erences / 

OCSPRefs 


Clause 7.4.2 





R 


a 



NOTE 1 : The generator is recommended to make use of this service, using either CRLs or OCSP Responses. The 
verifier should be able to handle both. 

NOTE 2: This attribute should be generated and added when the meaningful issue of the required component of 
revocation and validation data become available. This may require taking into account a grace period. A 
grace period permits certificate revocation information to propagate through the revocation processes. 
This period could extend from the time an authorized entity requests for a certificate revocation, to when 
the revocation information is available for the relying to use. In order to make sure that the certificate was 
not revoked at the time the signature was time-marked or time-stamped, the generation of this attribute 
should wait until the end of the grace period. 

Additional requirement: 

a) The revocation status information shall be the one that encompasses the time of signing. 



5.4.3 Certificate values 



Table 13 



Service / Protocol element 


Reference 


Generator 
requirement 


Verifier 
requirement 


Additional 

requirements / 

notes 


Service: certificate values 




R 


R 




xades : Cert ificateVa lues 


Clause 7.6.1 










Certificates maintained by CA or other trusted 

service 










a 



Additional requirement: 

a) If a Certification Authority (CA) or other trusted service is trusted to keep revocation status information for the 
archiving period and it is known where and how to obtain them, then there is no need to hold revocation 
information within the signature. This requires prior agreement between the verifier and the trust service 
provider / CA. 



5.4.4 Revocation status values 



Table 14 



Service / Protocol element 


Reference 


Generator 
requirement 


Verifier 
requirement 


Additional 

requirements / 

notes 


Service: revocation status values 




R 


R 




xades :CertificateValues/CRLValues 


Clause 7.6.2 








a 


xades: Cert ificateValues/OCSPValues 


Clause 7.6.2 








a 


Revocation status values maintained by CA or 
other trusted service 










a, b 
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Additional requirements: 

a) A verifier should be able to process a CRL and an OCSP Response regardless of where it fetches this 
revocation status information. 

b) If a Certification Authority (CA) or other trusted service is trusted to keep revocation status information for the 
archiving period and it is known where and how to obtain them, then there is no need to hold revocation 
information within the signature. This requires prior agreement between the verifier and the trust service 
provider / CA. 



5.4.5 Archive time-stamp 



Table 15 



Service / Protocol element 


Reference 


Generator 
requirement 


Verifier 
requirement 


Additional 

requirements / 

notes 


xades : ArchiveTimeStamp 


Clause 7.7 








a 



Additional requirements: 

a) The requirement for verifiers becomes R if there are no alternative technical or organisational mechanisms to 
maintain the validity of the signed document over the period of storage. 

5.5 Other standards 



5.5.1 X.509 Certificates 



Table 16 



Service / Protocol 
element 


Reference 


Generator 
requirement 


Verifier 
requirement 


Additional 
requirements / notes 


X.509 Certificate Profile 


RFC 3280 [4] 


M 


M 


1 



NOTE 1: ETSI has defined suitable certificate profiles (TS 101 862 and TS 102 280). 
NOTE 2: RFC 3280 [4] is a profile of X.509 [3]. 

5.5.2 Certificate key usage for e-lnvoicing 

Table 17 



Service / Protocol element 


CWA on e- 


Generator 


Verifier 


Additional 




Invoices and 


requirement 


requirement 


requirements / notes 




digital 










signatures [5] 










reference 








Certificate extended Key 


Clause 5.7.2 


R 







Usage id= kp-elnvoicing 










(non critical) 











NOTE: As a fault has been identified in the 2006 version CWA 15579, it will be updated soon after publication of 
the present document. Implementations should refer to this revised version. 
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5.5.3 Naming 



Table 18 



Service / Protocol element 


CWA on e-lnvoices 

and digital 

signatures [5] 

reference 


Generator 
requirement 


Verifier 
requirement 


Additional 
requirements / notes 


Certificate 

Subject .Organization 


Clause 5.7 


R 


R 


a 



Table 19 



Service / Protocol 


CWA on e-lnvoices 


Generator 


Verifier 


Additional 


element 


and digital 

signatures [5] 

reference 


requirement 


requirement 


requirements / notes 


Certificate 


Clause 5.7 


R 





b, c 


Subject . CommonName 











Table 20 



Service / Protocol element 


CWA on e- 
Invoices and 

digital 
signatures [5] 

reference 


Generator 
requirement 


Verifier 
requirement 


Additional 

requirements / 

notes 


Certificate 

Subject . OrganizationalUnit 


Clause 5.7 








d 



Additional requirements: 

a) The Subject Organisation should identify the organisation issuing the invoicing. 

b) If the certificate is signed by a human the Subject Common Name should identify the physical person signing 
the invoice. 

c) If the certificate is signed by a system the Subject Common Name should identify that system using, for 
example, the Internet Domain Name of that system. 

d) Where more than one department in an organisation independently issue invoices. Subject Organisational Unit 
should identify that department. 



XAdES profile for e-Government 



This clause defines a profile for XAdES signatures to be applied to electronic signatures applied on e-Government. 

In addition to the general warning in the last sentence of clause 4.2, it should be noted that relationships with 
Governmental agencies may be governed by specific rules that address also technical provisions related to exchanging 
electronic communications. 
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6.1 



Elements defined in XIVIL SIG 



6.1.1 Placement of the signature 



Table 21 



Service / Protocol 
element 


XML SIG [2] 
reference 


Generator 
requirement 


Verifier 
requirement 


Additional 
requirements / notes 


Service: signature 




M 


M 




Enveloping Signature 


Clause 10.0 





R 




Enveloped Signature 


Clause 10.0 





R 




Detached Signature 


Clause 10.0 





R 





6.2 Profile of elements in Basic XAdES form (XAdES-BES) 
6.2.1 ds:Keylnfo and xades:SigningCertificate 

Table 22 



Service / Protocol element 


Reference 


Generator 
requirement 


Verifier 
requirement 


Additional 

requirements / 

notes 


Service: Identifying signer and validation key and 
securing the signing certificate 




M 


M 




ds:KeyInfo/X50 9Data/X50 9Certificate 
present AND ds : Keyinf o signed by the signature 


XAdES [1], 
clause 4.4.1 


R 


R 




xades : SigningCertif icate present 


XAdES [1], 
clause 7.2.2; 

XMLSig [2], 
clause 4.4.4 





R 


a 



Additional requirement: 

a) The verifier must check that the signing certificate used matches the one referenced within 

xades : SigningCertif icate as specified in XAdES [1]. 



6.2.2 Signing Time 



Table 23 



Service / Protocol 
element 


Reference 


Generator 
requirement 


Verifier 
requirement 


Additional 
requirements / notes 


xades : signingTime 


Clause 7.2.1 











6.2.3 Countersignatures 



Table 24 



Service / Protocol element 


Reference 


Generator 
requirement 


Verifier 
requirement 


Additional 

requirements / 

notes 


Service: counter signing 


Clause 7.2.4 





R 


a 


Ds: Reference's Type attribute profiled to 

"http://uri.etsi.org/01 903#CountersignedSignature 

in the countersignature 


Clause 7.2.4.1 





R 


a 


xades : Countersignature 


Clause 7.2.4.2 





R 


a 



£75/ 



16 



ETSI TS 102 904 V1.1.1 (2007-02) 



Additional requirement: 

a) Use of countersignatures should be agreed upon in a prior arrangement between the generator and the verifier 
so that the verifier is aware of the presence, number and meaning of the countersignature. 



6.3 



Additional attributes defined in XAdES 



6.3.1 Signature time-stamp / time-mark 



Table 25 



Service / Protocol element 


Reference 


Generator 
requirement 


Verifier 
requirement 


Additional 

requirements / 

notes 


Service: Trusted signing time 




R 


R 




xades : SignatureTimeStamp 


Clause 7.3 





R 


1 


Time-marl< 


Clause 4.4.3.1 








2 



NOTE 1 : The signature time-stamp assists in making the difference between valid and invalid electronic signatures 
in case the signer's certificate has been revoked. 

NOTE 2: Governmental agencies or other trust service providers (TSP) may act in practice as "trusted signed 

documents storage providers" for the documents they send or receive. In this case there is no need to add 
time stamp tokens (or at least to add a TST chain) to these documents since the Governmental agency or 
TSP provides the necessary trust on the signature time, implementing in practice a "time mark". 

6.4 Additional attributes defined in XAdES for long term 
signatures 

The requirements specified in all 6.4 clauses are only applicable to systems managing long term signatures. Further 
details of procedures for the management of signatures over the long term may be found in CWA 14171 [8], clause 5.1. 



6.4.1 Certificate references 



Table 26 



Service / Protocol element 


Reference 


Generator 
requirement 


Verifier 
requirement 


Additional 

requirements / 

notes 


xades :CompleteCertif icateReferences 


Clause 7.4.1 


R 


R 





6.4.2 Revocation status references 

Table 27 



Service / Protocol element 


Reference 


Generator 
requirement 


Verifier 
requirement 


Additional 

requirements / 

notes 


Service: complete revocation status references 




R 


R 




xades : CompleteRevocationRef erences / 

CRLRefs 


Clause 7.4.2 





R 


a 


xades : CompleteRevocationRef erences / 

OCSPRefs 


Clause 7.4.2 





R 


a 



NOTE 1: The generator is recommended to make use of this service, using either CRLs or OCSP Responses. The 
verifier should be able to handle both. 
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NOTE 2: This attribute should be generated and added when the meaningful issue of the required component of 
revocation and validation data become available. This may require taking into account a grace period. A 
grace period permits certificate revocation information to propagate through the revocation processes. 
This period could extend from the time an authorized entity requests for a certificate revocation, to when 
the revocation information is available for the relying to use. In order to make sure that the certificate was 
not revoked at the time the signature was time-marked or time-stamped, the generation of this attribute 
should wait until the end of the grace period. 

Additional requirement: 

a) The revocation status information shall be the one that encompasses the time of signing. 



6.4.3 Certificate values 



Table 28 



Service / Protocol element 


Reference 


Generator 
requirement 


Verifier 
requirement 


Additional 

requirements / 

notes 


Service: certificate values 




R 


R 




xades : Certif icateValues 


Clause 7.6.1 










Certificates maintained by CA or 
other trusted service 










a 



Additional requirement: 

a) If a Certification Authority (CA) or other trusted service is trusted to keep revocation status information for the 
archiving period and it is known where and how to obtain them, then there is no need to hold revocation 
information within the signature. This requires prior agreement between the verifier and the trust service 
provider / CA. 



6.4.4 Revocation status values 



Table 29 



Service / Protocol element 


Reference 


Generator 
requirement 


Verifier 
requirement 


Additional 

requirements / 

notes 


Service: revocation status values 




R 


R 




xades: Certif icateValues/CRLValues 


Clause 7.6.2 








a 


xades: Cert ificateValues/OCSPValues 


Clause 7.6.2 








a 


Revocation status values maintained by CA or 
other trusted service 










a, b 



Additional requirements: 

a) A verifier should be able to process a CRL and an OCSP Response regardless of where it fetches this 
revocation status information. 

b) If a Certification Authority (CA) or other trusted service is trusted to keep revocation status information for the 
archiving period and it is known where and how to obtain them, then there is no need to hold revocation 
information within the signature. This requires prior agreement between the verifier and the trust service 
provider / CA. 



£75/ 



18 



ETSI TS 102 904 V1.1.1 (2007-02) 



6.4.5 Archive time-stamp 



Table 30 



Service / Protocol element 


Reference 


Generator 
requirement 


Verifier 
requirement 


Additional 

requirements / 

notes 


xades : ArchiveTimeStamp 


Clause 7.7 








a 



Additional requirement: 

a) The requirement for verifiers becomes R if there are no alternative technical or organisational mechanisms to 
maintain the validity of the signed document over the period of storage. 

6.5 Other standards 



6.5.1 X.509 Certificates 



Table 31 



Service / Protocol 
element 


Reference 


Generator 
requirement 


Verifier 
requirement 


Additional 
requirements / notes 


X.509 Certificate Profile 


RFC 3280 [4] 


M 


M 


1 



NOTE 1: ETSI has defined suitable certificate profiles (TS 101 862 and TS 102 280). 
NOTE 2: RFC 3280 [4] is a profile of X.509 [3]. 



XAdES baseline profile 



The present clause defines a profile for XAdES signatures which provides a baseline for other application areas. 



7.1 



Elements defined in XML SIG 



7.1.1 



Placement of tine signature 



Table 32 



Service / Protocol 
element 


XML SIG [2] 
reference 


Generator 
requirement 


Verifier 
requirement 


Additional 
requirements / notes 


Service: signature 




M 


M 




Enveloping Signature 


Clause 10.0 





R 




Enveloped Signature 


Clause 10.0 





R 




Detached Signature 


Clause 10.0 





R 
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7.2 Profile of elements in Basic XAdES form (XAdES-BES) 
7.2.1 ds:Keylnfo and xades:SigningCertificate 

Table 33 



Service / Protocol element 


Reference 


Generator 
requirement 


Verifier 
requirement 


Additional 

requirements / 

notes 


Service: Identifying signer and validation key and 
securing the signing certificate 




M 


M 




ds:KeyInfo/X50 9Data/X50 9Certificate 
present AND ds : Keyinf o signed by the signature 


XAdES [1], 
clause 4.4.1 


R 


R 




xades : SigningCertif icate present 


XAdES [1], 
clause 7.2.2; 

XMLSig [2], 
clause 4.4.4 





R 


a 



Additional requirement: 

a) The verifier must check that the signing certificate used matches the one referenced within 

xades : SigningCertif icate as specified in XAdES [1]. 



7.2.2 Signing Time 



Table 34 



Service / Protocol 
element 


Reference 


Generator 
requirement 


Verifier 
requirement 


Additional 
requirements / notes 


xades : SigningTime 


Clause 7.2.1 











7.2.3 Countersignatures 



Table 35 



Service / Protocol element 


Reference 


Generator 
requirement 


Verifier 
requirement 


Additional 

requirements / 

notes 


Service: counter signing 


Clause 7.2.4 








a 


ds: Reference's Type attribute profiled to 

"http://uri.etsi.org/01 903#CountersignedSignature 

in the countersignature 


Clause 7.2.4.1 








a 


xades : Countersignature 


Clause 7.2.4.2 








a 



Additional requirement: 

a) Use of countersignatures should be agreed upon in a prior arrangement between the generator and the verifier 
so that the verifier is aware of the presence, number and meaning of the countersignature. 
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7.3 



Additional attributes defined in XAdES 



7.3.1 Signature time-stamp / time-mark 



Table 36 



Service / Protocol element 


Reference 


Generator 
requirement 


Verifier 
requirement 


Additional 

requirements / 

notes 


xades : SignatureTimeStamp 


Clause 7.3 











NOTE: The signature time-stamp assists in making the difference between valid and invaUd electronic signatures 
in case the signer's certificate has been revoked. 

7.4 Additional attributes defined in XAdES for long term 
signatures 

The requirements specified in all 7.4 clauses are only applicable to systems managing long term signatures. Further 
details of procedures for the management of signatures over the long term may be found in CWA 14171 [8], clause 5.1. 



7.4.1 



Certificate references 



Table 37 



Service / Protocol element 


Reference 


Generator 
requirement 


Verifier 
requirement 


Additional 

requirements / 

notes 


xades : CompleteCertif icateRef erences 


Clause 7.4.1 


R 


R 





7.4.2 Revocation status references 

Table 38 



Service / Protocol element 


Reference 


Generator 
requirement 


Verifier 
requirement 


Additional 

requirements / 

notes 


Service: complete revocation status references 




R 


R 




xades : CompleteRevocationRef erences / 

CRLRefs 


Clause 7.4.2 





R 


a 


xades : CompleteRevocationRef erences / 

OCSPRefs 


Clause 7.4.2 





R 


a 



NOTE 1: The generator is recommended to make use of this service, using either CRLs or OCSP Responses. The 
verifier should be able to handle both. 

NOTE 2: This attribute should be generated and added when the meaningful issue of the required component of 
revocation and validation data become available. This may require taking into account a grace period. A 
grace period permits certificate revocation information to propagate through the revocation processes. 
This period could extend from the time an authorized entity requests for a certificate revocation, to when 
the revocation information is available for the relying to use. In order to make sure that the certificate was 
not revoked at the time the signature was time-marked or time-stamped, the generation of this attribute 
should wait until the end of the grace period. 

Additional requirement: 

a) The revocation status information shall be the one that encompasses the time of signing. 
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7.4.3 Certificate values 



Table 39 



Service / Protocol element 


Reference 


Generator 
requirement 


Verifier 
requirement 


Additional 

requirements / 

notes 


Service: certificate values 




R 


R 




xades : Certif icateValues 


7.6.1 










Certificates maintained by CA or 
other trusted service 










a 



Additional requirement: 

a) 



If a Certification Authority (CA) or other trusted service is trusted to keep revocation status information for the 
archiving period and it is known where and how to obtain them, then there is no need to hold revocation 
information within the signature. This requires prior agreement between the verifier and the trust service 
provider / CA. 



7.4.4 Revocation status values 



Table 40 



Service / Protocol element 


Reference 


Generator 
requirement 


Verifier 
requirement 


Additional 

requirements / 

notes 


Service: revocation status values 




R 


R 




xades : Certif icateValues/CRLValues 


Clause 7.6.2 








a 


xades: Cert ificateValues/OCSPValues 


Clause 7.6.2 








a 


Revocation status values maintained by CA or 
other trusted service 










a, b 



Additional requirements: 

a) A verifier should be able to process a CRL and an OCSP Response regardless of where it fetches this 
revocation status information. 

b) If a Certification Authority (CA) or other trusted service is trusted to keep revocation status information for the 
archiving period and it is known where and how to obtain them, then there is no need to hold revocation 
information within the signature. This requires prior agreement between the verifier and the trust service 
provider / CA. 



7.4.5 Archive time-stamp 



Table 41 



Service / Protocol element 


Reference 


Generator 
requirement 


Verifier 
requirement 


Additional 

requirements / 

notes 


xades : ArchiveTimeStamp 


Clause 7.7 








a 



Additional requirement: 

a) The requirement for verifiers becomes R if there are no alternative technical or organisational mechanisms to 
maintain the validity of the signed document over the period of storage. 
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7.5 Other standards 

NOTE Generators and verifiers are recommended to support CRLs for conveying certificate status information 
for the sake of interoperability. 



7.5.1 X.509 Certificates 



Table 42 



Service / Protocol 
element 


Reference 


Generator 
requirement 


Verifier 
requirement 


Additional 
requirements / notes 


X.509 Certificate Profile 


RFC 3280 [4] 


M 


M 


1 



NOTE 1: ETSI has defined suitable certificate profiles (TS 101 862 and TS 102 280). 
NOTE 2: RFC 3280 [4] is a profile of X.509 [3]. 
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Annex A (informative): 
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